The FBI has indicted four members of the infamous FIN9 group for leading cryptocurrency-related hacking attacks on U.S. companies, resulting in losses of more than $71 million.
FIN9 members Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong reportedly hacked the computer networks of various U.S. companies.
Nonpublic information, including personal data about employee benefits and funds, was stolen between May 2018 and October 2021.
According to the indictment, members of the cybercrime organization infiltrated the company’s network through phishing campaigns and supply chain attacks.
The indictment details how FIN9 members gained unauthorized access to the company’s network through phishing campaigns and supply chain attacks.
Once inside, the attackers distributed malware, stole sensitive data, and extorted money from victims. They redirected digital employee benefits, such as gift cards, to accounts they controlled and stole gift card information from specific victims.
The defendants also stole personal information and credit card information from employees and customers of the targeted companies. To hide their identities, they used stolen information to register online accounts at cryptocurrency exchanges or server hosting companies.
Tai, Xuyen, and Truong allegedly sold stolen gift cards to third parties through accounts registered under fake names on a peer-to-peer cryptocurrency marketplace.
The group’s operations targeted a wide range of U.S. companies, particularly those in the technology, manufacturing and financial sectors.
FBI vs. FIN9
The FBI Newark Cyber Squad, led by Special Agent James E. Dennehy, led this effort.
The FBI Little Rock Cyber Squad, led by Special Agent Alicia D. Corder, assisted in the investigation. This case is being prosecuted by Assistant U.S. Attorneys Anthony P. Torntore and Vinay S. Limbachia of the Cybercrime Section of the U.S. Attorney’s Office in Newark.
The defendants face a variety of charges, including conspiracy to defraud, extortion and computer-related activity, and face up to five years in prison.
They are also charged with conspiracy to commit wire fraud, which carries a penalty of up to 20 years in prison. They are also charged with willful damage to a protected computer, each count punishable by up to 10 years in prison.
Additional charges include one count of money laundering conspiracy, which carries a maximum penalty of 20 years for defendants Tai, Xuyen and Truong.
For aggravated identity theft, Tai and Quoc could be sentenced to two consecutive years in prison, and for conspiracy to commit identity fraud, they could be sentenced to up to 15 years in prison.
U.S. Attorney Philip R. Sellinger highlighted the Justice Department’s success in identifying defendants despite their attempts to evade detection through technology.
He emphasized the use of keyboards, VPNs and fake identities in the operation, but emphasized that the Justice Department could track them. Sellinger reaffirmed his office’s commitment to seeking justice for victims and sent a clear message to cybercriminals around the world.
James E. Dennehy, Special Agent in Charge of the FBI’s Newark Office, highlighted the challenges posed by cyber attackers who operate in the virtual realm and often evade detection.
He highlighted the precise and innovative methods FBI Newark’s Cyber Task Force and its law enforcement partners use to discover these individuals and classify them as simple thieves. Dennehy urged businesses and organizations experiencing similar attacks to immediately contact law enforcement to secure their systems and prevent further damage.
This indictment represents a key component of a broader U.S. law enforcement plan to disrupt sophisticated cybercrime groups like FIN9. The FBI highlighted the growing risk posed by these groups, which are known to use advanced techniques and tools to carry out cyberattacks.
Cryptocurrency crime increases
A recent Chainalytic report highlights the increasing complexity and resource demands associated with cryptocurrency-related crimes and investigations compared to traditional cases. The report, which surveyed more than 800 public sector employees globally, found that while cryptocurrency adoption is increasing, illicit use is also increasing, posing significant challenges to law enforcement, regulators and the private sector.
According to the report, although cryptocurrencies play a significant role in many criminal investigations, the overall view of cryptocurrencies among law enforcement agencies is mostly positive.
Investigations into cryptocurrency-related crimes tend to be more time-consuming than other types of criminal cases, despite advances in blockchain analysis tools like Chainalytic to help gather evidence.
The recent case involving Chirag Tomar, a cryptocurrency trader accused of facilitating the theft of his clients, highlights the growing threat of cryptocurrency theft and cybercrime in the digital age.
According to the report, Tomar allegedly abused his role to extract funds by exploiting vulnerabilities in the trading platform to redirect the stolen money to his personal accounts.
Law enforcement’s investigation into Tomar’s activities included careful analysis of blockchain transactions and digital footprints.
Collaboration between authorities, cryptocurrency exchanges, and relevant stakeholders was critical to tracking diverted funds and identifying perpetrators.
This case highlights the growing sophistication of cybercriminals operating within the cryptocurrency space and highlights the urgent need for strong security measures to protect digital assets.